Authentik OIDC config with env variables

Support
1

I’m trying to configure OIDC on my Vikunja instance using env variables on a kubernetes deployment, to be able to use kubernetes secrets to configure OIDC Secret but i cannot get it working, here is my config

apiVersion: apps/v1
kind: Deployment
metadata:
  name: vikunja
  namespace: planners
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: vikunja
  template:
    metadata:
      labels:
        app: vikunja
    spec:
      containers:
        - name: vikunja
          image: vikunja/vikunja:0.24.6
          ports:
            - containerPort: 3456
          env:
            - name: VIKUNJA_LOG_LEVEL
              value: DEBUG
            - name: VIKUNJA_DATABASE_HOST
              valueFrom:
                secretKeyRef:
                  name: vikunja-db-creds
                  key: host
            - name: VIKUNJA_DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: vikunja-db-creds
                  key: password
            - name: VIKUNJA_DATABASE_TYPE
              value: postgres
            - name: VIKUNJA_DATABASE_USER
              valueFrom:
                secretKeyRef:
                  name: vikunja-db-creds
                  key: username
            - name: VIKUNJA_DATABASE_DATABASE
              valueFrom:
                secretKeyRef:
                  name: vikunja-db-creds
                  key: database
            - name: VIKUNJA_DATABASE_PORT
              valueFrom:
                secretKeyRef:
                  name: vikunja-db-creds
                  key: port
            - name: VIKUNJA_AUTH_LOCAL_ENABLED
              value: "true"
            - name: VIKUNJA_AUTH_OPENID_ENABLED
              value: "true"
            - name: VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_NAME
              value: "AUTHENTIK"
            - name: VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_AUTHURL
              value: "https://authentik.domain/application/o/vikunja/"
            - name: VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_LOGOUTURL
              value: "https://authentik.domain/application/o/vikunja/end-session/"
            - name: VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_SCOPE
              value: "openid email profile"
            - name: VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTID
              valueFrom:
                secretKeyRef:
                  name: vikunja-oidc-secret
                  key: client-id
            - name: VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET
              valueFrom:
                secretKeyRef:
                  name: vikunja-oidc-secret
                  key: client-secret

          volumeMounts:
            - name: files
              mountPath: /app/vikunja/files
            - name: config-volume
              mountPath: /etc/vikunja/config.yml
              subPath: config.yml
      volumes:
        - name: files
          persistentVolumeClaim:
            claimName: vikunja-pvc
        - name: config-volume
          configMap:
            name: vikunja-config

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: vikunja-config
  namespace: planners
data:
  config.yml: |
    defaultsettings:
      avatar_provider: gravatar
      language: pt-BR
    service:
      customlogourl: xxxx
      timezone: America/Montreal
      publicurl: xxxx
    auth:
      local:
        enabled: false
      openid:
        enabled: true

i cannot make it work, on the /api/v1/info i always get that provider value is empty. There is not a real error on the logs or on the screen, only the login link (Login with Authentik) does not show.

Not sure where is the error. Kinda frustrated, because it works when i hardcode values on the configmap, but it not works with env variables to use kubernetes secrets. Using hardcoded secrets on the configfile (Configmap) is not a real solution.

Can you help me?

2

You need to upgrade to the latest RC or an unstable build, passing openid config through env is only available in newer versions.

3

It works like a charm, thanks